Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Server to Server VPN for SQL Traffic

Status
Not open for further replies.

Richard Parry

IS-IT--Management
Nov 27, 2017
14
GB
Hi All,

I wonder if you could help.

For various reasons, I have a SQL 2014 server hosted online (protected by a firewall etc), which provides SQL services to web servers in a datacentre.

I now need to run a server in our office, to integrate some custom software we have purchased. This needs to communicate with our datacentre hosted SQL database. This integration is complete - the local office server connects to the datacentre SQL server. All works great.

However, I found that all the data communication taking place is not encrypted, so using some sniffing software you can see data which must be encrypted, including the actual SQL connection string that is used in the custom VBScript coding.

Due to various reasons, I can't use SQL Encryption with SSL.

I have explored a Site to Site VPN between our office and the web server firewall, but this will require some expense as we'd need to purchase a new datacentre firewall that will work with our office firewall.

I've looked at OpenVPN, but I don't think this is quite what I need.

Does anyone have any suggestions? Basically I need to create a permanent VPN or SSL link, without using SQL's own SSL/Encryption, between the server in the office and the server in the datacentre, so all the SQL traffic between the two can be fully encrypted.

Any ideas please?



Thanks!
 
I was going to recommend OpenVPN... is there a reason why that wouldn't work for you?

It does exactly what you say; it opens a secure, encrypted VPN tunnel between two machines. Our Unitrends backup system uses it for site-to-site replication.


Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg
 
Thanks for the reply.

I managed to get the OpenVPN running on the server, but I couldn't figure how to get OpenVPN to run as a client and without a manual connection - They are both running as a service. The "initiator" system (which is the server in our office) I couldn't find a way for it to connect upon loading windows.

I will have another look at OpenVPN, but I got a little stuck in all honesty. If you have any sample config files (for the client and for the server) that you can post online that would be a huge help. Of course just omit/XXXXX out anything private.




Thanks, Richard
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top